This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Apply limit to per-room display names when setting them #10654

Merged
merged 9 commits into from
Aug 23, 2021
1 change: 1 addition & 0 deletions changelog.d/10654.bugfix
@@ -0,0 +1 @@
Apply display name length limit to per-room display names.
Azrenbeth marked this conversation as resolved.
9 changes: 8 additions & 1 deletion synapse/handlers/room_member.py
Expand Up @@ -36,6 +36,7 @@
from synapse.event_auth import get_named_level, get_power_level_event
from synapse.events import EventBase
from synapse.events.snapshot import EventContext
from synapse.handlers.profile import MAX_AVATAR_URL_LEN, MAX_DISPLAYNAME_LEN
from synapse.types import (
JsonDict,
Requester,
Expand Down Expand Up @@ -79,7 +80,7 @@ def __init__(self, hs: "HomeServer"):
self.account_data_handler = hs.get_account_data_handler()
self.event_auth_handler = hs.get_event_auth_handler()

self.member_linearizer = Linearizer(name="member")
self.member_linearizer: Linearizer = Linearizer(name="member")
Azrenbeth marked this conversation as resolved.

self.clock = hs.get_clock()
self.spam_checker = hs.get_spam_checker()
Expand Down Expand Up @@ -556,6 +557,12 @@ async def update_membership_locked(
content.pop("displayname", None)
content.pop("avatar_url", None)

if len(content.get("displayname") or "") > MAX_DISPLAYNAME_LEN:
raise SynapseError(403, "Displayname is too long (max 256)")
Azrenbeth marked this conversation as resolved.

if len(content.get("avatar_url") or "") > MAX_AVATAR_URL_LEN:
raise SynapseError(403, "Avatar URL is too long (max 1000)")

effective_membership_state = action
if action in ["kick", "unban"]:
effective_membership_state = "leave"
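Review bot: The two new length checks in update_membership_locked call `len()` on whatever JSON value sits under `displayname` / `avatar_url`, so they bound the size only when that value is a string. If `content` can carry client-supplied values at this point (it looks that way, but the caller is outside the hunk), a number makes `len()` raise TypeError instead of a clean SynapseError, and a list or object is measured by element count rather than by its serialized size, so the limit does not constrain it. I would reject non-string values before measuring, e.g. with `displayname = content.get("displayname")` followed by `if displayname is not None and not isinstance(displayname, str): raise SynapseError(400, "Displayname must be a string")`, and the same for `avatar_url`. The messages also hard-code 256 and 1000 next to the imported constants; formatting them from `MAX_DISPLAYNAME_LEN` / `MAX_AVATAR_URL_LEN` keeps the text from drifting if the limits change. The function body starts and ends outside the hunk, so a type check may already exist there that is not visible here.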